Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Snort

from [Alex Butcher, ISC/ISYS] Network Security [Permanent Link]
Subject: Re: Snort
Date: Wed, 29 Sep 2004 10:52:51 +0100


--On 27 September 2004 14:09 -0700 Jeremy Gonzales <jerdgonzales@yahoo.com> wrote:

Does anyone have experience with snort reports? How do
you deal with the loads of information? Is there a way
to  generate reports that eliminate the false
positives? Any help will be appreciated.

1) Tune your rules to eliminate false positives
2) Tune classification of rules (e.g. add new, more specific, classifications and use them appropriately)
3) Tune priority of classifications
4) Only report on priority 1 events.

Oinkmaster is useful for part 3, as you can use modifysid to change the classtype based on part of the message (e.g. 'P2P' or 'CHAT').

Thanks,
Jeremy.


Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE 
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IDS Sensor operation, Joshua Berry
Next by Date:  RE: Snort, Wozny, Scott (US - New York)
Previous by Thread:  Snort, Jeremy Gonzales
Next by Thread:  Re: Snort, SuxxToBe
Indexes:  [Date] [Thread] [Top] [All Lists]